Creating batch of certificates using script


#1

My domain is: Multiple domains

My web server is (include version): Nginx 1.10.3

The operating system my web server runs on is (include version): Debian 9

I can login to a root shell on my machine (yes or no, or I don’t know): Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): No

Hello

I have about 200 domains hosted on my Nginx server, and domains will get added from time to time. I’m trying to write a script that will automatically add SSL to these domains. What would be my options? From my understanding with certbot, I would have to manually input information by hand.


#2

I don’t know what language your backend is, but I’m pretty sure you’re better off choosing a library from the list of ACME implementations, so you can integrate Let’s Encrypt into your backend directly.

Certbot, the way I see it, is more a client for end-users to use directly.


#3

Manually?
The whole point of LE is automation…

You could call a script with variables that uses certbot with those parameters.
I don’t really see how you can implement it easily / generically; as:

  • you can’t run as --standalone (you already serve many sites from https there)
  • you can’t forward all http to https (any new site won’t have https yet - perhaps snakeoiled?)

But even so, there are ways to use certbot in such a situation.
You could use --webroot -w /path/to/{new-site-name}
and explicitly define the cert name used to match with --cert-name {new-site-name}
which could fit nicely into a well defined scripted implementation.
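
Added example, not part of any post in this thread: a sketch of the scripted `--webroot` / `--cert-name` approach described in post #3, run over a list of domains. It validates each list entry before it is used as a path or an argument. Assumptions: each site's webroot is a directory named after the domain under `WEBROOT_BASE`, the contact address is a placeholder, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread): one certificate per domain via webroot.
# Assumed: WEBROOT_BASE layout, CONTACT address, one hostname per line in the list.
LC_ALL=C
WEBROOT_BASE="${WEBROOT_BASE:-/var/www}"
LIVE_DIR="${LIVE_DIR:-/etc/letsencrypt/live}"
CONTACT="${CONTACT:-admin@example.com}"      # placeholder address
CERTBOT="${CERTBOT:-certbot}"

# Accept only lowercase hostnames with at least one dot, so a list entry can
# never act as a path component ("../x") or as an option ("--config=...").
valid_domain() {
    case "$1" in
        ''|*[!a-z0-9.-]*|.*|*.|-*|*-|*..*|*.-*|*-.*) return 1 ;;
        *.*) [ "${#1}" -le 253 ] ;;
        *) return 1 ;;
    esac
}

# Returns 0 = issued, 2 = skipped (certificate already present), 1 = rejected or failed.
issue_cert() {
    if ! valid_domain "$1"; then printf 'rejected: %s\n' "$1" >&2; return 1; fi
    if [ -d "$LIVE_DIR/$1" ]; then return 2; fi
    if [ ! -d "$WEBROOT_BASE/$1" ]; then printf 'no webroot: %s\n' "$1" >&2; return 1; fi
    "$CERTBOT" certonly --non-interactive --agree-tos -m "$CONTACT" \
        --webroot -w "$WEBROOT_BASE/$1" --cert-name "$1" -d "$1"
}

# Process a list file; blank lines and "#" comments are ignored.
main() {
    failed=0
    while IFS= read -r domain; do
        case "$domain" in ''|'#'*) continue ;; esac
        # </dev/null keeps certbot from consuming the rest of the list on stdin
        issue_cert "$domain" </dev/null || [ "$?" -eq 2 ] || failed=1
    done < "$1"
    return "$failed"
}

if [ "$#" -gt 0 ]; then main "$@"; fi
```

Run it as root with the list file as the only argument; it exits non-zero if any entry was rejected or failed, so it can be used from cron with alerting on failure.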


#5

I ended up using lua-resty-auto-ssl; it works very nicely.